2019 Infosec Buyers Guide
Adrian Sanabria, VP of Strategy and Product Marketing at NopSec
Paul Asadoorian, Founder & CTO at Security Weekly
Who are these guys?
Paul Asadoorian
Practitioner
Instructor
Entrepreneur
Product Strategy
Owner, host of the Security Weekly Podcast
Cigar smoker, whiskey drinker
Adrian Sanabria
Practitioner
Consultant
Industry Analyst
Entrepreneur; Product Strategy
Has SEEN things, you know?
Cigar smoker, whiskey drinker
Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership
Quick Note about Handouts and Prizes
This ICON means there’s a related handout in the SlideZip or at the end!
Scan the QR code to the right, or email sawaba@zip.sh with infosecworld2019 as the subject.
Questions To Ask Yourself
● Can I describe the problem I’m having?
● What are my goals and requirements related to this problem?
Questions To Ask Yourself
Is there a chance I already own a workable solution?
Questions To Ask Yourself
● Build vs buy: could I roll with FOSS or build it myself?
● Would it be more or less labor and cost than going with a COTS (Commercial Off-The-Shelf) offering?
Build vs Buy: Prioritizing least expense/effort
1. Solve with existing resources
2. Build with existing resources
3. Buy solution; implement/use with existing resources
4. Acquire service (outsource solution)
5. Buy solution; add/train people with existing resources
6. Request more resources & do one of the previous five
Resources = People, Software, Assets and/or Budget
Build vs Buy in one simple flowchart*
*Sorry, maybe not that simple, but there’s a copy in the handouts for you to look at more closely later!
This came from: https://medium.com/@sawaba/when-to-purchase-a-solution-to-your-cybersecurity-problem-86de1fa203ba
Questions To Ask Yourself
Defining a few metrics:
1. Time-to-Value: The effort necessary to get a product implemented and doing something useful.
2. Labor-to-Value Ratio: The effort necessary to keep a product maintained and continuing to be useful.
3. True Cost: CapEx + OpEx + Direct Labor costs + Indirect Labor costs
Examples: Anti-Virus? SIEM? Others?
Who Are We Dealing With?
● Dealing with startups - more like a partnership
● Dealing with established companies who are frequently acquiring or being acquired
Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership
Shopping!
● Cutting through vendor marketing
● Understanding the pitch
● “It’s on the roadmap”
● Asking the right questions
● Asking the right people
Anatomy of a Pitch
The WebEx Tax (5 minutes, sorry Cisco)
Introductions (5 minutes)
About the Company (5 minutes)
The Problem Statement (10 minutes or more)
The Product (10 minutes or more)
Demo (maybe?)
Roadmap, Competition, The Future (remainder)
Next Steps Discussion (Last 5 minutes)
Understand the sale by understanding the seller
● Pricing models
○ By endpoint
○ By device
○ Per employee
○ Base + modules
● Sales models
● Compensation
● Channel sales
Storytime!
“FireEye Buyer’s Remorse”
1. Aggressive sales/marketing
2. Poorly understood value prop
3. Customers bought for the wrong reasons
4. Customer Regret
5. High churn, low renewals
Ten Eleven questions to ask and why you should ask them
1. What problems and/or challenges do you solve?
2. How is the solution implemented (architecture)?
3. How does your product work?
4. What is the value proposition?
5. Does the product have a ‘killer feature’?
6. On average, how long is the typical deployment?
7. How much effort does the product take to maintain?
8. Who is your competition?
9. What is the one feature that differentiates you?
10. How do you measure the success of the product?
11. What is your ideal customer?
Actual software product manager hard at work...
Who Should You Ask?
“It Depends”, however typically these are some of the better roles to handle product questions (in order):
1. Founder & CEO/CTO
2. Product Management
3. VP of Marketing or Product Marketing
For technical questions the VP/Head of Research and Development is typically the best source.
Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership
Evaluation Checklist
1. Define goals and objectives (success metrics)
2. Set up the correct test data and/or environment (it’s okay to cheat, à la downloading bad domains vs. looking for them)
3. Testing in the lab, but perhaps with real data from the network or log sources
4. Continually testing various scenarios based on real-world experiences
5. Does it actually work?
6. How much effort will it take to make it work (value:labor ratio)?
7. How long will it take to implement (time-to-value)? 18 hours, days, weeks or months?
8. How easy (or difficult) will it be to operationalize it?
Types Of Evaluations
● Hands-Off - You’ve spoken to the company at a high level and saw a technical demo. You’ve talked to analysts and companies using the product and received feedback.
● Open-Source / Free Trial - Typically limited in features, but allows you to conduct a very scaled-down test. May only involve you, the security person, and if you find something good, you tell others.
● Pre-Configured Testing - The vendor sets up a test, using fake data (or data that does not come from your environment). Allows you to explore all of the functionality (typically only involves you).
Types Of Evaluations (2)
● Evaluating in your own lab - You’ve set up your own virtual/cloud environment that does not mirror your production systems, but allows you to test solutions on your own. This may involve other people in your organization.
● Evaluating in a mirror - Mirror your production/test/qa/other environment, do the testing, likely with some others in your organization.
● Evaluating in production, limited implementation - In collaboration with other groups, implement the solution in a small sample of your network/systems. Typically this will include vendor support, at varying levels.
Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership
Long-term Ownership
Consider:
● The True Cost metric
● The post-purchase relationship
○ Second-class citizen?
○ Did you “plan to ditch before you hitched?”
● Is there still technical value?
○ Overlap with other products?
○ Shift in threats?
● Does it still make financial sense?
○ Can you do it cheaper?
○ Hand off to MSSP?
○ Run in the cloud?
Avoiding “Shelfware”
The solution has to be practical, meaning it is:
● Aligned with business goals and objectives
● Solves actual problem(s)
● Makes jobs easier, not more difficult
Really cool != practical (but I still want one)
Storytime!
1. Staff was oblivious
2. Symantec
3. FireEye
4. Phone Calls
1. Staff was very aware
2. Web Scanner (DAST)
3. Network Scanner
4. SAST tool
5. SSLV Malfunction
6. Custom Snort rule
Storytime!
Every company breached had security products
What went wrong?
1. Understand the product’s coverage and limitations
2. Understand your staff’s coverage and limitations
3. Learn to use tools effectively
4. Test systems, tools and staff
Resources
Product Evaluation Form (Google Doc)
Incident Cost Calculator (Google Sheet)
When to purchase a ‘solution’ to your
cybersecurity problem (Blog Post)
What is your product and what does it do? (Blog
Post)
In the SlideZip:
● From the CISO’s Guide to Startups
○ Slides
○ Handout and Appendices
○ Vendor Expo Challenge
● Some of the blogs from the left
● Product/Vendor Evaluation Form
For the handouts, email sawaba@zip.sh
with infosecworld2019 in the subject or
scan this QR code →
Twitter: @sawaba
Blog: https://medium.com/@sawaba
Twitter: @securityweekly
Email: paul@securityweekly.com
Podcasts:
https://securityweekly.com/subscribe
THANK YOU
Please Fill Out
Your Evaluations

Mais conteúdo relacionado

Semelhante a 2019 InfoSec Buyer's Guide

Using Customer Research to Build Your Product
Using Customer Research to Build Your ProductUsing Customer Research to Build Your Product
Using Customer Research to Build Your ProductArpit Rai
 
Intro to Lean Startup and Customer Discovery for Agilists
Intro to Lean Startup and Customer Discovery for AgilistsIntro to Lean Startup and Customer Discovery for Agilists
Intro to Lean Startup and Customer Discovery for AgilistsShashi Jain
 
Practical Tips for Building PM Skills by Reddit Sr PM
Practical Tips for Building PM Skills by Reddit Sr PMPractical Tips for Building PM Skills by Reddit Sr PM
Practical Tips for Building PM Skills by Reddit Sr PMProduct School
 
ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия...
 ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия... ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия...
ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия...it-network
 
Road to product / market fit
Road to product / market fitRoad to product / market fit
Road to product / market fitMikko Seppä
 
Building new products - sundar rajan - introduction (part 1)
Building new products - sundar rajan - introduction (part 1)Building new products - sundar rajan - introduction (part 1)
Building new products - sundar rajan - introduction (part 1)Sundar Rajan
 
Prototyping and MVPs for startups
Prototyping and MVPs for startupsPrototyping and MVPs for startups
Prototyping and MVPs for startupsGeorge Krasadakis
 
Poka-yoke your Marketing
Poka-yoke your MarketingPoka-yoke your Marketing
Poka-yoke your MarketingBusiness901
 
How to leverage your work with a Product Mindset - Mark Opanasiuk.pdf
How to leverage your work with a Product Mindset - Mark Opanasiuk.pdfHow to leverage your work with a Product Mindset - Mark Opanasiuk.pdf
How to leverage your work with a Product Mindset - Mark Opanasiuk.pdfMark Opanasiuk
 
Embracing Failures & Bouncing Back by fmr PayPal Principal PM
 Embracing Failures & Bouncing Back by fmr PayPal Principal PM Embracing Failures & Bouncing Back by fmr PayPal Principal PM
Embracing Failures & Bouncing Back by fmr PayPal Principal PMProduct School
 
Presented at Ford's 2017 Global IT Learning Summit (GLITS)
Presented at Ford's 2017 Global IT Learning Summit (GLITS)Presented at Ford's 2017 Global IT Learning Summit (GLITS)
Presented at Ford's 2017 Global IT Learning Summit (GLITS)Ron Lazaro
 
PMI france lean startup for project management
PMI france   lean startup for project managementPMI france   lean startup for project management
PMI france lean startup for project managementFranck Debane
 
Speed Wins: Launching new products and services. pptx
Speed Wins: Launching new products and services. pptxSpeed Wins: Launching new products and services. pptx
Speed Wins: Launching new products and services. pptxPeter Eales
 
From Product Vision to Story Map - Lean / Agile Product shaping
From Product Vision to Story Map - Lean / Agile Product shapingFrom Product Vision to Story Map - Lean / Agile Product shaping
From Product Vision to Story Map - Lean / Agile Product shapingJérôme Kehrli
 
Highest quality code in your SaaS project. Why should you care about it as a ...
Highest quality code in your SaaS project. Why should you care about it as a ...Highest quality code in your SaaS project. Why should you care about it as a ...
Highest quality code in your SaaS project. Why should you care about it as a ...The Codest
 
2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...
2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...
2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...Acumatica Cloud ERP
 
From an idea to an MVP: a guide for startups
From an idea to an MVP: a guide for startupsFrom an idea to an MVP: a guide for startups
From an idea to an MVP: a guide for startupsGeorge Krasadakis
 
2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute
2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute
2010 04 28 The Lean Startup webinar for the Lean Enterprise InstituteEric Ries
 
Agile for Startups
Agile for StartupsAgile for Startups
Agile for StartupsJim Murphy
 

Semelhante a 2019 InfoSec Buyer's Guide (20)

Using Customer Research to Build Your Product
Using Customer Research to Build Your ProductUsing Customer Research to Build Your Product
Using Customer Research to Build Your Product
 
Intro to Lean Startup and Customer Discovery for Agilists
Intro to Lean Startup and Customer Discovery for AgilistsIntro to Lean Startup and Customer Discovery for Agilists
Intro to Lean Startup and Customer Discovery for Agilists
 
Practical Tips for Building PM Skills by Reddit Sr PM
Practical Tips for Building PM Skills by Reddit Sr PMPractical Tips for Building PM Skills by Reddit Sr PM
Practical Tips for Building PM Skills by Reddit Sr PM
 
ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия...
 ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия... ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия...
ITNetwork BACon agile spring. Андрей Таганский - Product Manager - профессия...
 
Road to product / market fit
Road to product / market fitRoad to product / market fit
Road to product / market fit
 
Building new products - sundar rajan - introduction (part 1)
Building new products - sundar rajan - introduction (part 1)Building new products - sundar rajan - introduction (part 1)
Building new products - sundar rajan - introduction (part 1)
 
Prototyping and MVPs for startups
Prototyping and MVPs for startupsPrototyping and MVPs for startups
Prototyping and MVPs for startups
 
Poka-yoke your Marketing
Poka-yoke your MarketingPoka-yoke your Marketing
Poka-yoke your Marketing
 
How to leverage your work with a Product Mindset - Mark Opanasiuk.pdf
How to leverage your work with a Product Mindset - Mark Opanasiuk.pdfHow to leverage your work with a Product Mindset - Mark Opanasiuk.pdf
How to leverage your work with a Product Mindset - Mark Opanasiuk.pdf
 
Embracing Failures & Bouncing Back by fmr PayPal Principal PM
 Embracing Failures & Bouncing Back by fmr PayPal Principal PM Embracing Failures & Bouncing Back by fmr PayPal Principal PM
Embracing Failures & Bouncing Back by fmr PayPal Principal PM
 
Presented at Ford's 2017 Global IT Learning Summit (GLITS)
Presented at Ford's 2017 Global IT Learning Summit (GLITS)Presented at Ford's 2017 Global IT Learning Summit (GLITS)
Presented at Ford's 2017 Global IT Learning Summit (GLITS)
 
PMI france lean startup for project management
PMI france   lean startup for project managementPMI france   lean startup for project management
PMI france lean startup for project management
 
Speed Wins: Launching new products and services. pptx
Speed Wins: Launching new products and services. pptxSpeed Wins: Launching new products and services. pptx
Speed Wins: Launching new products and services. pptx
 
From Product Vision to Story Map - Lean / Agile Product shaping
From Product Vision to Story Map - Lean / Agile Product shapingFrom Product Vision to Story Map - Lean / Agile Product shaping
From Product Vision to Story Map - Lean / Agile Product shaping
 
Business strategy
Business strategy Business strategy
Business strategy
 
Highest quality code in your SaaS project. Why should you care about it as a ...
Highest quality code in your SaaS project. Why should you care about it as a ...Highest quality code in your SaaS project. Why should you care about it as a ...
Highest quality code in your SaaS project. Why should you care about it as a ...
 
2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...
2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...
2 Tips on Every Sales Stage: Learning from Our Top Wins and Losses, by Sean C...
 
From an idea to an MVP: a guide for startups
From an idea to an MVP: a guide for startupsFrom an idea to an MVP: a guide for startups
From an idea to an MVP: a guide for startups
 
2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute
2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute
2010 04 28 The Lean Startup webinar for the Lean Enterprise Institute
 
Agile for Startups
Agile for StartupsAgile for Startups
Agile for Startups
 

Mais de Adrian Sanabria

Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Adrian Sanabria
 
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Adrian Sanabria
 
Lies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix EnigmaLies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix EnigmaAdrian Sanabria
 
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...Adrian Sanabria
 
Equifax Breach Postmortem
Equifax Breach PostmortemEquifax Breach Postmortem
Equifax Breach PostmortemAdrian Sanabria
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security PractitionerAdrian Sanabria
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021Adrian Sanabria
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
From due diligence to IoT disaster
From due diligence to IoT disasterFrom due diligence to IoT disaster
From due diligence to IoT disasterAdrian Sanabria
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Adrian Sanabria
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Adrian Sanabria
 
451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?Adrian Sanabria
 
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...Adrian Sanabria
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps OverviewAdrian Sanabria
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerAdrian Sanabria
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfAdrian Sanabria
 

Mais de Adrian Sanabria (20)

Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
 
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...
 
Lies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix EnigmaLies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix Enigma
 
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...
 
Equifax Breach Postmortem
Equifax Breach PostmortemEquifax Breach Postmortem
Equifax Breach Postmortem
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021
 
The Products We Deserve
The Products We DeserveThe Products We Deserve
The Products We Deserve
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
From due diligence to IoT disaster
From due diligence to IoT disasterFrom due diligence to IoT disaster
From due diligence to IoT disaster
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
 
451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?
 
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps Overview
 
2016 virus bulletin
2016 virus bulletin2016 virus bulletin
2016 virus bulletin
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security Practitioner
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard Of
 

Último

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

2019 InfoSec Buyer's Guide

• 1. 2019 Infosec Buyers Guide
Adrian Sanabria, VP of Strategy and Product Marketing at NopSec
Paul Asadoorian, Founder & CTO at Security Weekly

• 2. Who are these guys?
Paul Asadoorian: Practitioner; Instructor; Entrepreneur; Product Strategy; Owner, host of the Security Weekly Podcast; Cigar smoker, whiskey drinker
Adrian Sanabria: Practitioner; Consultant; Industry Analyst; Entrepreneur; Product Strategy; Has SEEN things, you know?; Cigar smoker, whiskey drinker

• 3. Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership

• 4. Quick Note about Handouts and Prizes
This ICON means there’s a related handout in the SlideZip or at the end! Scan the QR code to the right, or email sawaba@zip.sh with infosecworld2019 as the subject.

• 5. Questions To Ask Yourself
● Can I describe the problem I’m having?
● What are my goals and requirements related to this problem?

• 6. Questions To Ask Yourself
Is there a chance I already own a workable solution?

• 7. Questions To Ask Yourself
● Build vs buy: could I roll with FOSS or build it myself?
● Would it be more or less labor and cost than going with a COTS (Commercial Off-The-Shelf) offering?

• 8. Build vs Buy: Prioritizing least expense/effort
1. Solve with existing resources
2. Build with existing resources
3. Buy solution; implement/use with existing resources
4. Acquire service (outsource solution)
5. Buy solution; add/train people with existing resources
6. Request more resources & do one of the previous five
Resources = People, Software, Assets and/or Budget

• 9. Build vs Buy in one simple flowchart*
*Sorry, maybe not that simple, but there’s a copy in the handouts for you to look at more closely later!
This came from: https://medium.com/@sawaba/when-to-purchase-a-solution-to-your-cybersecurity-problem-86de1fa203ba

• 10. Questions To Ask Yourself
Defining a few metrics:
1. Time-to-Value: The effort necessary to get a product implemented and doing something useful.
2. Labor-to-Value Ratio: The effort necessary to keep a product maintained and continuing to be useful.
3. True Cost: CapEx + OpEx + Direct Labor costs + Indirect Labor costs
Examples: Anti-Virus? SIEM? Others?

• 11. Who Are We Dealing With?
● Dealing with startups - More like a partnership
● Dealing with established companies who are frequently acquiring or being acquired

• 12. Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership

• 13. Shopping!
● Cutting through vendor marketing
● Understanding the pitch
● “It’s on the roadmap”
● Asking the right questions
● Asking the right people

• 14. Anatomy of a Pitch
The WebEx Tax (5 minutes, sorry Cisco)
Introductions (5 minutes)
About the Company (5 minutes)
The Problem Statement (10 minutes or more)
The Product (10 minutes or more)
Demo (maybe?)
Roadmap, Competition, The Future (remainder)
Next Steps Discussion (last 5 minutes)

• 15. Understand the sale by understanding the seller
● Pricing models
○ By endpoint
○ By device
○ Per employee
○ Base + modules
● Sales models
● Compensation
● Channel sales

• 16. Storytime! “FireEye Buyer’s Remorse”
1. Aggressive sales/marketing
2. Poorly understood value prop
3. Customers bought for the wrong reasons
4. Customer regret
5. High churn, low renewals

• 17. Ten Eleven questions to ask and why you should ask them
1. What problems and/or challenges do you solve?
2. How is the solution implemented (architecture)?
3. How does your product work?
4. What is the value proposition?
5. Does the product have a ‘killer feature’?
6. On average, how long is the typical deployment?
7. How much effort does the product take to maintain?
8. Who is your competition?
9. What is the one feature that differentiates you?
10. How do you measure the success of the product?
11. What is your ideal customer?
Actual software product manager hard at work...

• 18. Who Should You Ask?
“It depends”; however, typically these are some of the better roles to handle product questions (in order):
1. Founder & CEO/CTO
2. Product Management
3. VP of Marketing or Product Marketing
For technical questions the VP/Head of Research and Development is typically the best source.

• 19. Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership

• 20. Evaluation Checklist
1. Define goals and objectives (success metrics)
2. Set up the correct test data and/or environment (it’s okay to cheat, à la downloading bad domains vs. looking for them)
3. Testing in the lab, but perhaps with real data from the network or log sources
4. Continually testing various scenarios based on real-world experiences
5. Does it actually work?
6. How much effort will it take to make it work (value:labor ratio)?
7. How long will it take to implement (time-to-value)? 18 hours, days, weeks or months?
8. How easy (or difficult) will it be to operationalize it?

• 21. Types Of Evaluations
● Hands-Off - You’ve spoken to the company at a high level and seen a technical demo. You’ve talked to analysts and companies using the product and received feedback.
● Open-Source / Free Trial - Typically limited in features, but allows you to conduct a very scaled-down test. May only involve you, the security person, and if you find something good, you tell others.
● Pre-Configured Testing - The vendor sets up a test, using fake data (or data that does not come from your environment). Allows you to explore all of the functionality (typically only involves you).

• 22. Types Of Evaluations (2)
● Evaluating in your own lab - You’ve set up your own virtual/cloud environment that does not mirror your production systems, but allows you to test solutions on your own. This may involve other people in your organization.
● Evaluating in a mirror - Mirror your production/test/QA/other environment and do the testing, likely with some others in your organization.
● Evaluating in production, limited implementation - In collaboration with other groups, implement the solution in a small sample of your network/systems. Typically this will include vendor support, at varying levels.

• 23. Agenda - Buckle up!
Part 0: Problems and Goals
Part 1: Shopping
Part 2: Evaluation
Part 3: Ownership

• 24. Long-term Ownership
Consider:
● The True Cost metric
● The post-purchase relationship
○ Second-class citizen?
○ Did you “plan to ditch before you hitched?”
● Is there still technical value?
○ Overlap with other products?
○ Shift in threats?
● Does it still make financial sense?
○ Can you do it cheaper?
○ Hand off to MSSP?
○ Run in the cloud?

• 25. Avoiding “Shelfware”
The solution has to be practical, meaning it is:
● Aligned with business goals and objectives
● Solves actual problem(s)
● Makes jobs easier, not more difficult
Really cool != practical (but I still want one)

• 28. Storytime!
First story:
1. Staff was oblivious
2. Symantec
3. FireEye
4. Phone calls
Second story:
1. Staff was very aware
2. Web Scanner (DAST)
3. Network Scanner
4. SAST tool
5. SSLV malfunction
6. Custom Snort rule

• 29. Storytime!
Every company breached had security products. What went wrong?
1. Understand the product’s coverage and limitations
2. Understand your staff’s coverage and limitations
3. Learn to use tools effectively
4. Test systems, tools and staff

• 30. Resources
Product Evaluation Form (Google Doc)
Incident Cost Calculator (Google Sheet)
When to purchase a ‘solution’ to your cybersecurity problem (Blog Post)
What is your product and what does it do? (Blog Post)
In the SlideZip:
● From the CISO’s Guide to Startups
○ Slides
○ Handout and Appendices
○ Vendor Expo Challenge
● Some of the blogs from the left
● Product/Vendor Evaluation Form

• 31. For the handouts, email sawaba@zip.sh with infosecworld2019 in the subject or scan this QR code →
Twitter: @sawaba
Blog: https://medium.com/@sawaba
Twitter: @securityweekly
Email: paul@securityweekly.com
Podcasts: https://securityweekly.com/subscribe
THANK YOU
Please fill out your evaluations